Yep, I have them to 1 months ago, we don't have many clients, so in any false/positive is best for us to block all the wrong tries.
But like I wrote, the have a LOT of IP's, it's a directed attack as they know the usernames, so is not kind of a "wide" attack, if we had the possibility to use...